>NO NO NO NO NO.  *MY* argument is that port scanning, from a technical
>standpoint, is indistinguishable from "UNacceptable use" and that there is
>no real, clearly defined, practical definition of unacceptable use THAT DOES
>NOT INCLUDE port scanning.

I've not seen any definitions, so I'll not comment on this...

  
>My contention simply is, that if you have a server on the internet, and you
>have services running on its ports, you have apparently given SOME people
>"permission" to connect to it.  In most cases you will advertise those
>services to the people whom you intend to use them.

Agreed.  You will also have to expect to be scanned, if said server is
accessible from the public internet.  You will, therefore, want to implement
measures to ensure only your intended user base is able to access the
appropriate services.  This may include placing the server on a subnet that
is not publicly accessible.  In that case, it does not apply to this
discussion as I'm speaking of port scans on hosts accessible from the
internet.

Very simply, a server accessible from the public internet should expect to
be scanned.  It's the only way to "see" what is there.  If the scan shows
WWW, FTP, telnet and DNS available, then said server should expect
connections to the various servers.  Attempts to log into the FTP server as
"anonymous" or telnet attempts with a username of "guest" should be
expected.


>  If we reject the notion that servers are property, with owners who are
>entitled to determine what uses to permit and what to deny, AND TO WHOM, then
>of course we have no longer any basis for Computer Security as a field; we
>should pack up this mailing list and all go find USEFUL things to do
>instead.]

The basis is quite simple.  If the servers are to be connected such that
they are accessible by the general public, they will need to be secured.
Why is that?  Because the basic assumption that goes with connecting a
machine to the public is the machine will be subjected to scans and
connection attempts.  If that were not true, then there would be no need for
security.  You secure your machines because you expect them to be scanned
and expect people to attempt connections via telnet, etc...


>  Do you walk up to the door of the local Ford plant when you want to buy a
>car?  Do you knock on every door on your block, looking for someone who has a
>car to sell?  Does every building, by virtue of having a street address,
>invite your inquiry as to whether perhaps they have a car to sell?
>  NO.  You notice (or look for) an advertisement, on TV or in the Yellow
>Pages or in the newspaper, for someone who tells the world that they have the
>kind of car you want *offered for sale*.

Not necessarily.  Sometimes I just drive around, looking for a business that
might be open...just like a port scan.


>  The fact that the technology doesn't allow us to "stand across the street
>and count the windows" does NOT, I think, constitute an implicit permission
>to determine the number of windows by more aggressive/intimate means.

I think this is the very point.  Technology DOES allow us to "stand across
the street and count windows".  That's exactly what a port scan does.  Not
just from across the street, but from across the planet...to anything that
is connected to the PUBLIC internets.

I don't grasp why you perceive a simple port scan as a "more
aggressive/intimate means", since it is the least intrusive way to view a
host across the net.  I wouldn't even classify connection attempts to the
various running services via telnet as aggressive or intimate.  Connections
are harmless.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]